Custom Query (2152 matches)
Results (1090 - 1092 of 2152)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#1027 | fixed | Authorization checks on all controller actions | pudo | pudo |
Description |
We want to have authz checks on all controller actions so that we can lock down CKAN to a login-only mode. |
|||
#1044 | fixed | Sysadmins locked-out of API without Right: (visitor, SITE_READ, System) | pudo | dread |
Description |
The problem is that in ckan/controllers/rest.py the BaseApiController? has this method: def __before__(self, action, **env): BaseController.__before__(self, action, **env) if not self.authorizer.am_authorized(c, model.Action.SITE_READ, model.System): abort(401, _('Not authorized to see this page')) which works on the basis of your c.user, rather than your apikey. All API users are treated as visitors (since API users don't get a login cookie) and even a sysadmin's apikey is blocked unless there is a right for a Visitor to SITE_READ. Also needs tests. (Also, why is this restriction only on the API, package search, group index and tags and agroup index? I'm guessing SITE_READ is only for places where other authz don't apply, but maybe it should not be called 'SITE_READ' but 'OTHER_READ' or something?) |
|||
#1122 | wontfix | JSON Extra data not searchable | pudo | dread |
Description |
It is possible to use the CKAN API to insert JSON format data into package extra values, but this data is not found on searching. Full text from Pascal: we encountered a Problem concerning accessing Arrays/Lists. curl -XGET 'http://ckan.net/api/rest/package/hbz_unioncatalog' will get you amongst others: "extras": {"publishingInstitution": "[u'http://lobid.org/organisation/DE-605', u'http://lobid.org/organisation/DE-290', u'http://lobid.org/organisation/DE-38M', u'http://lobid.org/organisation/DE-98', u'http://lobid.org/organisation/DE-38', u'http://lobid.org/organisation/DE-Kn41', u'http://lobid.org/organisation/DE-82', u'http://lobid.org/organisation/DE-107', u'http://lobid.org/organisation/DE-929', u'http://lobid.org/organisation/DE-Zw1', u'http://lobid.org/organisation/DE-832']"} but if I try to query this: wget 'http://ckan.net/api/search/package?q=lobid&publishingInstitution="http://lobid.org/organisation/DE-605"' I get only two packages, among the package "hbz_unioncatalog" is missing. (These two packages have only one value for "publishingInstitution"). The "extra/publishingInstitution"-Array was uploaded through a "curl -XPUT ... "extras": { "publishingInstitution":[ "http://lobid.org/organisation/DE-605", "http://lobid.org/organisation/DE-290", "http://lobid.org/organisation/DE-38M", "http://lobid.org/organisation/DE-98", "http://lobid.org/organisation/DE-38", "http://lobid.org/organisation/DE-Kn41", "http://lobid.org/organisation/DE-82", "http://lobid.org/organisation/DE-107", "http://lobid.org/organisation/DE-929", "http://lobid.org/organisation/DE-Zw1", "http://lobid.org/organisation/DE-832" ] }, ... |